[go: up one dir, main page]

WO2007066862A1 - Method and apparatus for protecting internet privacy - Google Patents

Method and apparatus for protecting internet privacy Download PDF

Info

Publication number
WO2007066862A1
WO2007066862A1 PCT/KR2006/002123 KR2006002123W WO2007066862A1 WO 2007066862 A1 WO2007066862 A1 WO 2007066862A1 KR 2006002123 W KR2006002123 W KR 2006002123W WO 2007066862 A1 WO2007066862 A1 WO 2007066862A1
Authority
WO
WIPO (PCT)
Prior art keywords
personal information
information
website
transmission
user
Prior art date
Application number
PCT/KR2006/002123
Other languages
French (fr)
Inventor
Dae-Seon Choi
Seung-Hun Jin
Original Assignee
Electronics And Telecommunications Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Electronics And Telecommunications Research Institute filed Critical Electronics And Telecommunications Research Institute
Priority to US12/096,835 priority Critical patent/US20080307529A1/en
Publication of WO2007066862A1 publication Critical patent/WO2007066862A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6263Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2119Authenticating web pages, e.g. with suspicious links

Definitions

  • the present invention relates to information security , and more particularly, to a method and apparatus for protecting personal information on the Internet.
  • Leakage of personal information leakage includes leakage of personal information input to an Internet website, phishing, that is, obtaining user's personal information through a fake website similar to a well-known website, intercepting personal information using a malicious program, such as a spy ware, installed in the personal computer (PC) of a user, , and network sniping between a user and a website.
  • phishing that is, obtaining user's personal information through a fake website similar to a well-known website
  • a malicious program such as a spy ware, installed in the personal computer (PC) of a user
  • PC personal computer
  • Personal identification information may include the name and address of a user, a resident registration number, a credit card number, a password, and the like.
  • the present invention provides a method and apparatus for protecting personal information on the Internet.
  • a method of protecting personal information on the Internet including: sensing transmission through the Internet of personal information of a user; detecting information on a website that is the destination site of the sensed transmission of the personal information; comparing information on the detected website with a personal information protection policy; and permitting or blocking the transmission of the personal information according to the comparison result.
  • an apparatus for protecting personal information on the Internet including: a transmission sensing unit sensing transmission of personal information of a user through the Internet; a destination information detection unit detecting information on a website that is the destination site of the sensed transmission of the personal information; and a providing-of-personal-information determination unit comparing the detected information on the website with a predetermined personal information protection policy database, and permitting or blocking the transmission of the personal information according to the comparison result.
  • the present invention in order to minimize leakage of personal information from a website, when user information is input to the website, providing of the personal information is controlled based on information on whether or not the website is reliable in terms of personal information protection such that providing of the personal information to a dangerous website can be prevented, and possible damage by leakage of personal information can be avoided. Also, in order to prevent phishing, the present invention helps a user identify a fake website such that possibility of phishing can be minimized.
  • FIG. 1 is a flowchart of a method of protecting personal information on the Internet according to an embodiment of the present invention
  • FIG. 2 illustrates a structure of an apparatus for protecting personal information on the Internet according to an embodiment of the present invention.
  • FIG. 3 illustrates an example of a structure of an apparatus for protecting personal information on the Internet according to an embodiment of the present invention, including an environment in which the apparatus is used.
  • a method of protecting personal information on the Internet including: sensing transmission through the Internet of personal information of a user; detecting information on a website that is the destination site of the sensed transmission of the personal information; comparing information on the detected website with a personal information protection policy; and permitting or blocking the transmission of the personal information according to the comparison result.
  • an apparatus for protecting personal information on the Internet including: a transmission sensing unit sensing transmission of personal information of a user through the Internet; a destination information detection unit detecting information on a website that is the destination site of the sensed transmission of the personal information; and a providing-of-personal-information determination unit comparing the detected information on the website with a predetermined personal information protection policy database, and permitting or blocking the transmission of the personal information according to the comparison result.
  • the apparatus may further include a user query unit sending a query to the user and receiving an answer therefrom.
  • the providing-of -personal-information determination unit may compare the detected information on the website with a predetermined reliability class of websites, and according to the predetermined personal information protection policy, by using a processing method according to the comparison result, may permit or block the transmission of the personal information, or may send a query to the user, and may permit or block the transmission of the personal information according to an answer of the user.
  • FIG. 1 is a flowchart of a method of protecting personal information on the Internet according to an embodiment of the present invention.
  • Transmission of personal information of a user through the Internet is sensed in operation 100.
  • Information on a website which is the destination site of the sensed transmission of the personal information is detected in operation 110.
  • the detected information on the website is compared with a predetermined personal information protection policy in operation 120, and the transmission of the personal information is permitted or blocked according to the comparison result in operation 130.
  • FIG. 2 illustrates a structure of an apparatus for protecting personal information on the Internet according to an embodiment of the present invention.
  • the apparatus of FIG. 2 includes a transmission sensing unit 200 sensing
  • a destination information detection unit 210 detecting information on a website that is the destination site of the sensed transmission of the personal information
  • a providing- of-personal-information determination unit 220 comparing the detected information on the website with a predetermined personal information protection policy database, and permitting or blocking the transmission of the personal information according to the comparison result.
  • the apparatus of FIG. 2 also includes a user query unit 230 sending a query to the user and receiving a reply therefrom. If the information on the website that is the destination site of the transmission of the personal information is detected, the providing-of -personal-information determination unit 220 compares the detected information on the website with a predetermined reliability class of websites,
  • the transmission of the personal information is permitted or blocked, or by sending a query to the user and receiving a replay therefrom, the transmission of the personal information is permitted or blocked according to the reply.
  • FIG. 3 illustrates an example of a structure of an apparatus for protecting personal information on the Internet according to an embodiment of the present invention, including an environment in which the apparatus is used.
  • FIG. 3 illustrates the structure of the apparatus of FIG. 2, including the surrounding environment, and the flowchart and apparatus of FIGS. 1 and 2 will be explained in more detail through explanation of FIG. 3.
  • a plug-in monitor browser 10 analyzes information input by a user through a browser 80 in order to be transmitted to a website 90, senses personal information, and when necessary, blocks the transmission of the personal information.
  • the plug-in monitor browser 10 is a program which begins to operate if the browser program of a computer begins to operate. As will be explained later, the plug-in monitor browser 10 performs the functions of the transmission sensing unit 200 and the destination information detection unit 210.
  • the plug-in monitor browser 10 analyzes the information transmitted from the browser 80 to the website 90, and if the information includes personal information, sends a query to the providing-of-personal-information determination unit 20 on whether or not the information can be transmitted to the website 90. Then, when the transmission is permitted, the plug-in monitor browser monitor 10 transmits the information, and if the transmission is prohibited, the plug-in monitor browser monitor 10 does not transmit the information.
  • the providing-of-personal-information determination unit 20 receives the query from the plug-in monitor browser 10, and determines whether or not the personal information can be transmitted to the website.
  • the plug-in monitor browser 10 sends a query on whether or not to permit the personal information, the query including the contents of the item of the personal information and the name of the receiving website
  • the providing- of-personal-information determination unit 20 sends a query on the personal information protection reliability class of the receiving website to a determination information management unit 60, and receives a result therefrom.
  • the determination information management unit 60 sends a lowest class as an answer if the receiving website cannot be found.
  • a personal information providing policy has predetermined personal information items, and one value among permission, prohibition, and user query with respect to a predetermined personal information protection reliability class.
  • the user query refers to sending a query to the user through the user query unit 30.
  • the user query unit 30 is a user interface to send a query to the user as to whether or not to permit transmission of personal information.
  • the providing-of-personal information determination unit 20 sends to the user the personal information protection reliability class of the website that receives the personal information, and sends a query as to whether or not to continue transmission of the personal information. As a response to the query, the user may select to continue or stop the process. If the user sends an answer to continue the process, the providing- of-personal-information unit 20 determines that the response indicates permission of providing information, and allows the information to be transmitted.
  • An information management unit 40 is a user interface to input and manage information that is stored and managed in a policy management unit 50. Through the information management unit 40, the user can input and modify a personal information transmission permission policy that is stored in the policy management unit 50. As a result, the policy management unit 50 stores the personal information transmission permission policy that is input and managed through the information management unit 40.
  • a determination information management unit 60 stores a personal information protection reliability class list of websites, and when the providing- of-personal-information determination unit 20 inquires the personal information protection reliability class of a predetermined website, the determination information management unit 60 responds to this.
  • the providing-of-personal-information determination unit 20 does not have information on a requested specific website, the providing-of -personal-information determination unit 20 sends a lowest class as an answer.
  • the personal information protection reliability class list of websites can be any personal information protection reliability class list of websites.
  • the personal information protection reliability class list of the website is downloaded from the website class information server 70.
  • the website class information server 70 stores and manages the personal information protection reliability class list of websites, and when there is a request from the determination information management unit 60, permits download of the personal information protection reliability class list of the website.
  • the personal information protection reliability class list of websites is input by an administrator of the website class information server 70, and a class for a website can be assigned based on data provided by a management organization for protection of personal information and notoriety to the public.
  • the website class information server 70 is a single server on the Internet, unlike other elements of FIG. 3 that are installed in the PC of the user.
  • the set personal information permission policy is stored in the policy management unit 50.
  • the determination information management unit 60 accesses the website class information server 70, and downloads the personal information protection reliability class list of the website.
  • the plug-in monitor browser 10 senses the transmission of the user's personal information in operation 100, and detects information on the website 90 in operation 110. Since information on the website 90 is included in the header of the packet being transmitted, the information on the website 90 is detected in the header part of the packet input by the user.
  • the plug-in monitor browser 10 sends a query to the providing- of-personal-information determination unit 20 as to whether or not to permit that transmission of the personal information.
  • the name of the website 90 that should receive the personal information and the personal information items being transmitted are included.
  • the providing-of-personal-information determination unit 20 obtains the personal transmission permission policy of the user from the policy management unit 50, and inquires the determination information management unit 60 of the personal information protection reliability class of the website 90 included in the query.
  • the providing-of-personal-information determination unit 20 compares the queried personal information item with the personal information protection reliability class of the website 90. If permission is granted in response to the comparison result according to the personal information transmission permission policy, the providing- of-personal-information determination unit 20 sends a permission answer to the plug-in monitor browser 10 in operation 130. After the plug-in monitor browser 10 receives the answer, it transmits the personal information to the website 90.
  • the providing-of -personal-information determination unit 20 sends a prohibition answer to the plug-in monitor browser 10 in operation 130.
  • the browser monitor plug-in 10 cancels the transmission of the personal information, and the user is informed through the browser 80 that the transmission of the personal information is canceled because the personal information protection reliability class of the website is low.
  • the providing-of-personal-information determination unit 20 displays the personal information protection reliability class of the website 90 receiving the personal information, through the user query unit 30, and asks the user whether or not to continue the transmission of the personal information. If the user chooses to continue the transmission, the providing-of -personal-information determination unit 20 sends a permission answer to the plug-in monitor browser 10 in operation 130. If the user chooses to stop the transmission 30, the providing-of-personal-information determination unit 20 sends a prohibition answer to the plug-in monitor browser 10so that the transmission of the personal information is blocked in operation 130.
  • the personal information protection permission policy of the user for a website having the lowest personal information protection reliability class is set to prohibition or user query. Accordingly, a user query or cancellation of the transmission is performed.
  • a famous website has a high personal information protection reliability class. Accordingly, if the user receives a prohibition answer for personal information transmission or a query for the site that the user thinks to be a famous site, the user begins to suspect that the website is not a real site, but a fake website. Thus, the user can identify the site as being a fake website.
  • transmission of the information can be permitted or blocked according to the his/her determination.
  • the present invention in order to minimize leakage of personal information from a website, when user information is input to the website, providing of the personal information is controlled based on information on whether or not the website is reliable in terms of personal information protection such that providing of the personal information to a dangerous website can be prevented, and possible damage by leakage of personal information can be avoided. Also, in order to prevent phishing, the present invention helps a user identify a fake website such that possibility of phishing can be minimized.
  • each step of the present invention can be implemented in a variety of ways, including by software using a general programming technique, and by hardware.
  • the computer readable recording medium is any data storage device that can store data which can be thereafter read by a computer system.
  • the present invention can be used in the field of information security, and in the field of protecting personal information on the Internet, in particular.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Medical Informatics (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

A method of protecting personal information on the Internet, and an apparatus thereof are provided. The method includes: sensing transmission through the Internet of personal information of a user; detecting information on a website that is the destination of the sensed transmission of the personal information; comparing information on the detected website with a personal information protection policy; and permitting or blocking the transmission of the personal information according to the comparison result. According to the method, in order to minimize leakage of personal information from a website, when user information is input to the website, providing of the personal information is controlled based on information on whether or not the website is reliable in terms of personal information protection such that providing of the personal information to a dangerous website can be prevented, and possible damage by leakage of personal information can be prevented in advance. Also, in order to prevent phishing, that is, obtaining user's personal information through a fake website having an appearance similar to a famous website, the method helps the user identify a fake website such that possibility of phishing can be minimized.

Description

Description
METHOD AND APPARATUS FOR PROTECTING INTERNET
PRIVACY
Technical Field
[1] The present invention relates to information security , and more particularly, to a method and apparatus for protecting personal information on the Internet.
Background Art
[2] Leakage of personal information on the Internet and resultant damages have
become a very serious problem. Leakage of personal information leakage includes leakage of personal information input to an Internet website, phishing, that is, obtaining user's personal information through a fake website similar to a well-known website, intercepting personal information using a malicious program, such as a spy ware, installed in the personal computer (PC) of a user, , and network sniping between a user and a website.
[3] Personal identification information may include the name and address of a user, a resident registration number, a credit card number, a password, and the like.
[4] Among the technologies developed so far to prevent personal information leakage, the leading one is an encryption technology that prevents interception of user information on a network. However, many users do not have this technology.
[5] Meanwhile, a technology for detecting and deleting spyware installed in a PC of a user has been developed. However, the main purpose of this technology is not to protect leakage of personal information, and the technology must be upgraded continuously to deal with new spyware continuously appearing.
Disclosure of Invention
Technical Problem
[6] The present invention provides a method and apparatus for protecting personal information on the Internet.
Technical Solution
[7] According to an aspect of the present invention, there is provided a method of protecting personal information on the Internet, the method including: sensing transmission through the Internet of personal information of a user; detecting information on a website that is the destination site of the sensed transmission of the personal information; comparing information on the detected website with a personal information protection policy; and permitting or blocking the transmission of the personal information according to the comparison result.
[8] According to another aspect of the present invention, there is provided an apparatus for protecting personal information on the Internet, the apparatus including: a transmission sensing unit sensing transmission of personal information of a user through the Internet; a destination information detection unit detecting information on a website that is the destination site of the sensed transmission of the personal information; and a providing-of-personal-information determination unit comparing the detected information on the website with a predetermined personal information protection policy database, and permitting or blocking the transmission of the personal information according to the comparison result.
Advantageous Effects
[9] According to the present invention, in order to minimize leakage of personal information from a website, when user information is input to the website, providing of the personal information is controlled based on information on whether or not the website is reliable in terms of personal information protection such that providing of the personal information to a dangerous website can be prevented, and possible damage by leakage of personal information can be avoided. Also, in order to prevent phishing, the present invention helps a user identify a fake website such that possibility of phishing can be minimized.
Description of Drawings
[10] The above and other features and advantages of the present invention will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings in which:
[11] FIG. 1 is a flowchart of a method of protecting personal information on the Internet according to an embodiment of the present invention;
[12] FIG. 2 illustrates a structure of an apparatus for protecting personal information on the Internet according to an embodiment of the present invention; and
[13] FIG. 3 illustrates an example of a structure of an apparatus for protecting personal information on the Internet according to an embodiment of the present invention, including an environment in which the apparatus is used.
Best Mode
[14] According to an aspect of the present invention, there is provided a method of protecting personal information on the Internet, the method including: sensing transmission through the Internet of personal information of a user; detecting information on a website that is the destination site of the sensed transmission of the personal information; comparing information on the detected website with a personal information protection policy; and permitting or blocking the transmission of the personal information according to the comparison result.
[15] According to another aspect of the present invention, there is provided an apparatus for protecting personal information on the Internet, the apparatus including: a transmission sensing unit sensing transmission of personal information of a user through the Internet; a destination information detection unit detecting information on a website that is the destination site of the sensed transmission of the personal information; and a providing-of-personal-information determination unit comparing the detected information on the website with a predetermined personal information protection policy database, and permitting or blocking the transmission of the personal information according to the comparison result.
[16] The apparatus may further include a user query unit sending a query to the user and receiving an answer therefrom. The providing-of -personal-information determination unit may compare the detected information on the website with a predetermined reliability class of websites, and according to the predetermined personal information protection policy, by using a processing method according to the comparison result, may permit or block the transmission of the personal information, or may send a query to the user, and may permit or block the transmission of the personal information according to an answer of the user.
Mode for Invention
[17] The present invention will now be described more fully with reference to the accompanying drawings, in which exemplary embodiments of the invention are shown.
[18] FIG. 1 is a flowchart of a method of protecting personal information on the Internet according to an embodiment of the present invention.
[19] Transmission of personal information of a user through the Internet is sensed in operation 100. Information on a website which is the destination site of the sensed transmission of the personal information is detected in operation 110. The detected information on the website is compared with a predetermined personal information protection policy in operation 120, and the transmission of the personal information is permitted or blocked according to the comparison result in operation 130.
[20] FIG. 2 illustrates a structure of an apparatus for protecting personal information on the Internet according to an embodiment of the present invention.
[21] The apparatus of FIG. 2 includes a transmission sensing unit 200 sensing
transmission of personal information of a user through the Internet, a destination information detection unit 210 detecting information on a website that is the destination site of the sensed transmission of the personal information, and a providing- of-personal-information determination unit 220 comparing the detected information on the website with a predetermined personal information protection policy database, and permitting or blocking the transmission of the personal information according to the comparison result.
[22] The apparatus of FIG. 2 also includes a user query unit 230 sending a query to the user and receiving a reply therefrom. If the information on the website that is the destination site of the transmission of the personal information is detected, the providing-of -personal-information determination unit 220 compares the detected information on the website with a predetermined reliability class of websites,
[23] Then, according to the predetermined personal information protection policy, by using a processing method according to the comparison result, the transmission of the personal information is permitted or blocked, or by sending a query to the user and receiving a replay therefrom, the transmission of the personal information is permitted or blocked according to the reply.
[24] FIG. 3 illustrates an example of a structure of an apparatus for protecting personal information on the Internet according to an embodiment of the present invention, including an environment in which the apparatus is used. FIG. 3 illustrates the structure of the apparatus of FIG. 2, including the surrounding environment, and the flowchart and apparatus of FIGS. 1 and 2 will be explained in more detail through explanation of FIG. 3.
[25] A plug-in monitor browser 10 analyzes information input by a user through a browser 80 in order to be transmitted to a website 90, senses personal information, and when necessary, blocks the transmission of the personal information. The plug-in monitor browser 10 is a program which begins to operate if the browser program of a computer begins to operate. As will be explained later, the plug-in monitor browser 10 performs the functions of the transmission sensing unit 200 and the destination information detection unit 210.
[26] The plug-in monitor browser 10 analyzes the information transmitted from the browser 80 to the website 90, and if the information includes personal information, sends a query to the providing-of-personal-information determination unit 20 on whether or not the information can be transmitted to the website 90. Then, when the transmission is permitted, the plug-in monitor browser monitor 10 transmits the information, and if the transmission is prohibited, the plug-in monitor browser monitor 10 does not transmit the information.
[27] As a method of sensing personal information by the plug-in monitor browserlO, a method of comparing a name part of an hypertext transfer protocol (http) parameter with a personal information item pattern is used.
[28] For example, in an http transmission,
[29] http://www.sitename.com/cgi-bin/user-regist?name=kimcheolsoo&
addr=seoulcitydongjakgu... ,
[30] the http parameter name 'name' is compared with a personal information item
pattern kept by the plug-in monitor browser 10. At this time, the http parameter value is also examined so that only items having actual values are compared. [31] The providing-of-personal-information determination unit 20 receives the query from the plug-in monitor browser 10, and determines whether or not the personal information can be transmitted to the website.
[32] If the plug-in monitor browser 10 sends a query on whether or not to permit the personal information, the query including the contents of the item of the personal information and the name of the receiving website, the providing- of-personal-information determination unit 20 sends a query on the personal information protection reliability class of the receiving website to a determination information management unit 60, and receives a result therefrom.
[33] The determination information management unit 60 sends a lowest class as an answer if the receiving website cannot be found.
[34] In case of phishing, that is, obtaining user, personal information through a fake website similar to a well-known website, a user may consider the fake website as being the well-known website. However, when the providing-of-personal-information determination unit 20 searches a personal information protection reliability class list, for the website to which the information is to be transmitted, it is highly probable that the website cannot be found by a normal method.
[35] The personal information protection reliability class of an identified website
indicates the degree that the website performs appropriately protection of collected personal information, and according to this class, whether or not to transmit personal information can be determined. For example, it may be determined that transmission of personal information to a website having a low personal information protection reliability class is not permitted.
[36] Whether or not to transmit which personal information according to which class is determined according to a personal information transmission permission policy obtained from a policy management unit 50.
[37] A personal information providing policy has predetermined personal information items, and one value among permission, prohibition, and user query with respect to a predetermined personal information protection reliability class.
[38] Among these, the user query refers to sending a query to the user through the user query unit 30.
[39] The user query unit 30 is a user interface to send a query to the user as to whether or not to permit transmission of personal information.
[40] The providing-of-personal information determination unit 20 sends to the user the personal information protection reliability class of the website that receives the personal information, and sends a query as to whether or not to continue transmission of the personal information. As a response to the query, the user may select to continue or stop the process. If the user sends an answer to continue the process, the providing- of-personal-information unit 20 determines that the response indicates permission of providing information, and allows the information to be transmitted.
[41] An information management unit 40 is a user interface to input and manage information that is stored and managed in a policy management unit 50. Through the information management unit 40, the user can input and modify a personal information transmission permission policy that is stored in the policy management unit 50. As a result, the policy management unit 50 stores the personal information transmission permission policy that is input and managed through the information management unit 40.
[42] A determination information management unit 60 stores a personal information protection reliability class list of websites, and when the providing- of-personal-information determination unit 20 inquires the personal information protection reliability class of a predetermined website, the determination information management unit 60 responds to this.
[43] If the providing-of-personal-information determination unit 20 does not have information on a requested specific website, the providing-of -personal-information determination unit 20 sends a lowest class as an answer.
[44] The personal information protection reliability class list of websites can be
obtained from a website class information server 70. In this case, when a program of the determination information management unit 60 starts operating, the personal information protection reliability class list of the website is downloaded from the website class information server 70.
[45] The website class information server 70 stores and manages the personal information protection reliability class list of websites, and when there is a request from the determination information management unit 60, permits download of the personal information protection reliability class list of the website.
[46] The personal information protection reliability class list of websites is input by an administrator of the website class information server 70, and a class for a website can be assigned based on data provided by a management organization for protection of personal information and notoriety to the public. The website class information server 70 is a single server on the Internet, unlike other elements of FIG. 3 that are installed in the PC of the user.
[47] The operation of the apparatus or system for protecting personal information on the
Internet according to an embodiment of the present invention will now be explained.
[48] The user sets a transmission permission policy through the information
management unit 40, and the set personal information permission policy is stored in the policy management unit 50.
[49] When the apparatus for protecting personal information on the Internet starts operating, the determination information management unit 60 accesses the website class information server 70, and downloads the personal information protection reliability class list of the website.
[50] If the user inputs personal information through the browser 80 and transmits the personal information to the website 90, the plug-in monitor browser 10 senses the transmission of the user's personal information in operation 100, and detects information on the website 90 in operation 110. Since information on the website 90 is included in the header of the packet being transmitted, the information on the website 90 is detected in the header part of the packet input by the user.
[51] The plug-in monitor browser 10 sends a query to the providing- of-personal-information determination unit 20 as to whether or not to permit that transmission of the personal information. In the query, the name of the website 90 that should receive the personal information and the personal information items being transmitted are included.
[52] The providing-of-personal-information determination unit 20 obtains the personal transmission permission policy of the user from the policy management unit 50, and inquires the determination information management unit 60 of the personal information protection reliability class of the website 90 included in the query.
[53] In this process, the information on the website 90 is compared with the personal information protection policy in operation 120.
[54] The providing-of-personal-information determination unit 20 compares the queried personal information item with the personal information protection reliability class of the website 90. If permission is granted in response to the comparison result according to the personal information transmission permission policy, the providing- of-personal-information determination unit 20 sends a permission answer to the plug-in monitor browser 10 in operation 130. After the plug-in monitor browser 10 receives the answer, it transmits the personal information to the website 90.
[55] If permission is not granted according to the personal information transmission permission policy, the providing-of -personal-information determination unit 20 sends a prohibition answer to the plug-in monitor browser 10 in operation 130.
[56] The browser monitor plug-in 10 cancels the transmission of the personal information, and the user is informed through the browser 80 that the transmission of the personal information is canceled because the personal information protection reliability class of the website is low.
[57] If the personal information transmission permission policy indicates a user query, the providing-of-personal-information determination unit 20 displays the personal information protection reliability class of the website 90 receiving the personal information, through the user query unit 30, and asks the user whether or not to continue the transmission of the personal information. If the user chooses to continue the transmission, the providing-of -personal-information determination unit 20 sends a permission answer to the plug-in monitor browser 10 in operation 130. If the user chooses to stop the transmission 30, the providing-of-personal-information determination unit 20 sends a prohibition answer to the plug-in monitor browser 10so that the transmission of the personal information is blocked in operation 130.
[58] A method to help a user identify whether or not a website is a fake website in order to prevent phishing will now be explained.
[59] When the personal information protection reliability class of the reception website is inquired for in operation 120, it is highly probable that information on the fake website does not exist in the website class information server 70. Accordingly, the fake website is classified as the lowest personal information protection reliability class.
[60] It is probable that the personal information protection permission policy of the user for a website having the lowest personal information protection reliability class is set to prohibition or user query. Accordingly, a user query or cancellation of the transmission is performed.
[61] A famous website has a high personal information protection reliability class. Accordingly, if the user receives a prohibition answer for personal information transmission or a query for the site that the user thinks to be a famous site, the user begins to suspect that the website is not a real site, but a fake website. Thus, the user can identify the site as being a fake website.
[62] The above explanation is about preventing transmission of information input by the user to a phishing website. However, the present invention is not limited to this.
[63] For example, when the user does not intend to transmit any information, that is, when personal information of the user is leaked even without the user's input of the information, if the leakage of the personal information is sensed according to the present invention, the leakage may be blocked or the user may be informed that the
transmission of the information can be permitted or blocked according to the his/her determination.
[64] According to the present invention, in order to minimize leakage of personal information from a website, when user information is input to the website, providing of the personal information is controlled based on information on whether or not the website is reliable in terms of personal information protection such that providing of the personal information to a dangerous website can be prevented, and possible damage by leakage of personal information can be avoided. Also, in order to prevent phishing, the present invention helps a user identify a fake website such that possibility of phishing can be minimized.
[65] While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present invention as defined by the following claims. The preferred embodiments should be considered in descriptive sense only and not for purposes of limitation. For example, though the Internet is explained as an example of a communication network in the above description, the embodiment can also be used in a public telephone communication network, such as a public switched telephone network (PSTN).
[66] Therefore, the scope of the invention is defined not by the detailed description of the invention but by the appended claims, and all differences within the scope will be construed as being included in the present invention.
[67] Also , it is easily understood by those skilled in the art that each step of the present invention can be implemented in a variety of ways, including by software using a general programming technique, and by hardware.
[68] Partial operations of t he present invention can also be embodied as computer
readable codes on a computer readable recording medium. The computer readable recording medium is any data storage device that can store data which can be thereafter read by a computer system.
Industrial Applicability
[69] The present invention can be used in the field of information security, and in the field of protecting personal information on the Internet, in particular.

Claims

Claims
[1] A method of protecting personal information on the Internet, the method
comprising:
sensing transmission through the Internet of personal information of a user;
detecting information on a website that is the destination site of the sensed transmission of the personal information;
comparing information on the detected website with a personal information protection policy; and
permitting or blocking the transmission of the personal information according to the comparison result.
[2] The method of claim 1, wherein the sensing of the transmission of the personal information is performed according to whether or not actual data is set in a name part of an http (hypertext transfer protocol) parameter of an http transmission protocol.
[3] The method of claim 1, wherein in the comparing of the information on the
detected website with the personal information protection policy, the detected information on the website is compared with a predetermined reliability class of websites, and according to the predetermined personal information protection policy, by using a processing method according to the comparison result, the transmission of the personal information is permitted or blocked, or a query is sent to the user, and according to an answer to the query, the transmission of the personal information is permitted or blocked.
[4] An apparatus for protecting personal information on the Internet, the apparatus comprising:
a transmission sensing unit sensing transmission of personal information of a user through the Internet;
a destination information detection unit detecting information on a website that is the destination site of the sensed transmission of the personal information; and a providing-of -personal- information determination unit comparing the detected information on the website with a predetermined personal information protection policy database, and permitting or blocking the transmission of the personal information according to the comparison result.
[5] The apparatus of claim 4, wherein the transmission sensing unit senses the
transmission of the personal information according to whether or not actual data is set in a name part of an http parameter of an http transmission protocol.
[6] The apparatus of claim 4, further comprising a user query unit sending a query to the user and receiving an answer therefrom, wherein the providing-of -personal-information determination unit compares the detected information on the website with a predetermined reliability class of websites, and according to the predetermined personal information protection policy, by using a processing method according to the comparison result, permits or blocks the transmission of the personal information, or a query is sent to the user, and the transmission of the personal information is permitted or blocked according to an answer to the query.
PCT/KR2006/002123 2005-12-10 2006-06-02 Method and apparatus for protecting internet privacy WO2007066862A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/096,835 US20080307529A1 (en) 2005-12-10 2006-06-02 Method and Apparatus for Protecting Internet Privacy

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2005-0121239 2005-12-10
KR1020050121239A KR100670826B1 (en) 2005-12-10 2005-12-10 Internet privacy method and device

Publications (1)

Publication Number Publication Date
WO2007066862A1 true WO2007066862A1 (en) 2007-06-14

Family

ID=38014094

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2006/002123 WO2007066862A1 (en) 2005-12-10 2006-06-02 Method and apparatus for protecting internet privacy

Country Status (3)

Country Link
US (1) US20080307529A1 (en)
KR (1) KR100670826B1 (en)
WO (1) WO2007066862A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009089706A1 (en) * 2007-12-19 2009-07-23 Tencent Technology (Shenzhen) Company Limited Method, device and computer terminal for preventing the sensitive information from leaking
EP2280362A1 (en) * 2009-07-30 2011-02-02 Research In Motion Limited Apparatus and method for controlled sharing of personal information
US8875219B2 (en) 2009-07-30 2014-10-28 Blackberry Limited Apparatus and method for controlled sharing of personal information
US20240106857A1 (en) * 2022-09-28 2024-03-28 Bank Of America Corporation Typosquatting Detection and Notification

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7818809B1 (en) * 2004-10-05 2010-10-19 Symantec Corporation Confidential data protection through usage scoping
US8904487B2 (en) * 2006-08-31 2014-12-02 Red Hat, Inc. Preventing information theft
WO2009072801A2 (en) * 2007-12-05 2009-06-11 Electronics And Telecommunications Research Institute System for managing identity with privacy policy using number and method thereof
KR101021305B1 (en) * 2008-12-31 2011-03-11 (주)소만사 How to protect your personal information
US8590003B2 (en) 2009-06-15 2013-11-19 Microsoft Corporation Controlling access to resources by hosted entities
CN101996203A (en) * 2009-08-13 2011-03-30 阿里巴巴集团控股有限公司 Web information filtering method and system
KR101262446B1 (en) 2009-12-21 2013-05-08 한국전자통신연구원 Apparatus and Method for Preventing Leakage of Individual Information
US20110208850A1 (en) * 2010-02-25 2011-08-25 At&T Intellectual Property I, L.P. Systems for and methods of web privacy protection
US9467424B2 (en) * 2011-10-07 2016-10-11 Salesforce.Com, Inc. Methods and systems for proxying data
CN108021830B (en) * 2014-03-26 2022-03-18 联想(北京)有限公司 Information processing method and electronic equipment
CN105141610A (en) * 2015-08-28 2015-12-09 百度在线网络技术(北京)有限公司 Phishing page detection method and system
CN106411705A (en) * 2016-09-22 2017-02-15 珠海市魅族科技有限公司 Message sending method and device
US10922433B2 (en) 2018-11-26 2021-02-16 Wells Fargo Bank, N.A. Interrupting receipt of sensitive information
KR20220030782A (en) 2020-09-03 2022-03-11 삼성전자주식회사 Electronic Device and Method for Personal Data Protection

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002082840A (en) * 2000-09-06 2002-03-22 Sony Corp Method for protecting personal information
JP2002215460A (en) * 2001-01-15 2002-08-02 Hitachi Kokusai Electric Inc Information terminal
US20040054935A1 (en) * 2002-01-18 2004-03-18 Holvey R. David Method and system for protecting information on a computer system
JP2004348700A (en) * 2003-03-27 2004-12-09 Kureo:Kk Personal information management support program, personal information management support method, and personal information management support device

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4803627B2 (en) * 2000-06-30 2011-10-26 パナソニック株式会社 User information management device
JP2002132730A (en) * 2000-10-20 2002-05-10 Hitachi Ltd Authentication or access management system and management method based on reliability and disclosure of personal information
JP2003132160A (en) 2001-10-23 2003-05-09 Nec Corp Personal information management system and device, and personal information management program
US7353532B2 (en) * 2002-08-30 2008-04-01 International Business Machines Corporation Secure system and method for enforcement of privacy policy and protection of confidentiality
JP4225815B2 (en) 2003-03-28 2009-02-18 インターナショナル・ビジネス・マシーンズ・コーポレーション Access management system, access management method, and access management method
JP2005099944A (en) 2003-09-22 2005-04-14 National Institute Of Informatics Privacy information protection system and method
US20070174630A1 (en) * 2005-02-21 2007-07-26 Marvin Shannon System and Method of Mobile Anti-Pharming and Improving Two Factor Usage
US7603718B2 (en) * 2005-03-31 2009-10-13 Microsoft Corporation Systems and methods for protecting personally identifiable information

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002082840A (en) * 2000-09-06 2002-03-22 Sony Corp Method for protecting personal information
JP2002215460A (en) * 2001-01-15 2002-08-02 Hitachi Kokusai Electric Inc Information terminal
US20040054935A1 (en) * 2002-01-18 2004-03-18 Holvey R. David Method and system for protecting information on a computer system
JP2004348700A (en) * 2003-03-27 2004-12-09 Kureo:Kk Personal information management support program, personal information management support method, and personal information management support device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009089706A1 (en) * 2007-12-19 2009-07-23 Tencent Technology (Shenzhen) Company Limited Method, device and computer terminal for preventing the sensitive information from leaking
EP2280362A1 (en) * 2009-07-30 2011-02-02 Research In Motion Limited Apparatus and method for controlled sharing of personal information
US8875219B2 (en) 2009-07-30 2014-10-28 Blackberry Limited Apparatus and method for controlled sharing of personal information
US20240106857A1 (en) * 2022-09-28 2024-03-28 Bank Of America Corporation Typosquatting Detection and Notification
US12323460B2 (en) * 2022-09-28 2025-06-03 Bank Of America Corporation Typosquatting detection and notification

Also Published As

Publication number Publication date
KR100670826B1 (en) 2007-01-19
US20080307529A1 (en) 2008-12-11

Similar Documents

Publication Publication Date Title
US20080307529A1 (en) Method and Apparatus for Protecting Internet Privacy
US8312261B2 (en) Method and system for verification of an endpoint security scan
US7779062B2 (en) System for preventing keystroke logging software from accessing or identifying keystrokes
US8677493B2 (en) Dynamic cleaning for malware using cloud technology
EP2492836A1 (en) Terminal management system and terminal management method
CN109684832A (en) The system and method for detecting malicious file
KR20190026691A (en) System and method for detecting online fraud
EP2031823B1 (en) Phishing notification service
CN102227734A (en) Client computer for protecting confidential file, server computer therefor, method therefor, and computer program
WO2011023664A2 (en) Threat detection in a data processing system
IL211758A (en) Authorization of server operations
US11509691B2 (en) Protecting from directory enumeration using honeypot pages within a network directory
US8359634B2 (en) Method and system to optimize efficiency when managing lists of untrusted network sites
KR20110102879A (en) Electronic file delivery method
US7647402B2 (en) Protecting contents of computer data files from suspected intruders by renaming and hiding data files subjected to intrusion
JP6564841B2 (en) Verification server, verification method and computer program
US8978150B1 (en) Data recovery service with automated identification and response to compromised user credentials
US11636219B2 (en) System, method, and apparatus for enhanced whitelisting
EP3563548B1 (en) Historic data breach detection
JP2007140798A (en) Information leakage prevention system for computer
JP4607082B2 (en) Information processing apparatus, management method, and computer program
Chow et al. A generic anti-spyware solution by access control list at kernel level
US20240427939A1 (en) Methods and associated computer systems for ensuring the integrity of data
US20220342985A1 (en) Anomaly detection and characterization in app permissions
EP3563543B1 (en) Data breach detection

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 12096835

Country of ref document: US

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06768738

Country of ref document: EP

Kind code of ref document: A1